CVE-2010-4246
Published 2010-12-07
Priority P4 · 19 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.54% (71.8th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in graph.php in pfSense 1.2.3 and 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via the (1) ifnum or (2) ifname parameter, a different vulnerability than CVE-2008-1182.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bsdperimeter | pfsense | — | — |
| bsdperimeter | pfsense | — | — |
GHSA
GHSA-c8pc-qq5m-x5p4: Multiple cross-site scripting (XSS) vulnerabilities in graph
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2010-4246 [MEDIUM] CWE-79 GHSA-c8pc-qq5m-x5p4: Multiple cross-site scripting (XSS) vulnerabilities in graph
GHSA
GHSA-qg7g-2cwq-3jm2: Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id p
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2010-4412 [MEDIUM] CWE-79 GHSA-qg7g-2cwq-3jm2: Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id p
Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to pkg_edit.php, (2) the xml parameter to pkg.php, or the if parameter to (3) status_graph.php or (4) interfaces.php, a different vulnerability than CVE-2008-1182 and CVE-2010-4246.
No detection rules found.
No writeups or analysis indexed.
http://openwall.com/lists/oss-security/2010/11/22/18
http://openwall.com/lists/oss-security/2010/11/24/7
http://seclists.org/fulldisclosure/2010/Nov/43
http://secunia.com/advisories/42138
http://www.securityfocus.com/bid/44738
Published: 2010-12-07